Forwarded by permission.

                                        Juliusz
--- Begin Message ---
On 1/9/06, Juliusz Chroboczek <[EMAIL PROTECTED]> wrote:
> >   * Control darcs SSL verification with an environment variable.
>
> >  0 = Turn off all certificate verification. Proceed happily even if the
> >      server's certificate fails verification.
>
> Could you please explain why this is needed?  Self-signed certificates?

Precisely. I was trying to access Zooko's repo a while back and he had
HTTPS. Darcs get kept failing and indicated it was a libcurl error
(code 60 Problem with CA cert path). He told me he was using a
self-signed certificate. We had a discussion about how to get around this
limitation and the most obvious way was to turn off SSL cert
verification with libcurl.

It sure beats adding another CA certificate to curl-ca-bundle.crt,
where in some cases you would not even have root access to the machine
where darcs is on.

> Assuming this is a good idea, I'm wondering whether it wouldn't make
> sense to have a single environment variable CURL_OPTIONS that deals
> with that and can be extended when other needs arise.  Opinions?

Well, I had a couple hours free time when I made the patch so you
could say it was a lazy attempt on my part :) What would be the format
of CURL_OPTIONS? I am thinking space separated list of key-value
pairs.

And at this time, turning off SSL cert verification is the only curl
option that seems to be useful for me. I also have another repo with
an SSL cert signed by CACert.

> > +  darcs_curl_ssl_verification_flag = getenv("DARCS_CURL_SSL_VERIFICATION");
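Review bot: getenv() returns NULL when DARCS_CURL_SSL_VERIFICATION is unset, and this line stores that result without a check. The code that reads darcs_curl_ssl_verification_flag should test for NULL and treat NULL, or any value it does not recognize, as full verification, so that only an explicit setting can relax the certificate check.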
>
> You should cache this.  See how it's done with DARCS_SLOPPY_LOCKS in
> atomic_create.c.

Yes, I think so too. I noticed while debugging the patch that darcs
keeps calling get_curl().
--
_nimrod_a_abing_

"If you can see Chuck Norris, he can see you. If you can't see Chuck
Norris, you may be only seconds away from death." --
http://www.chucknorrisfacts.com/

--- End Message ---
_______________________________________________
darcs-devel mailing list
[email protected]
http://www.abridgegame.org/cgi-bin/mailman/listinfo/darcs-devel
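
An added example, not part of the original thread or of darcs: one way the CURL_OPTIONS idea discussed above could be parsed and cached so that an unset, unknown or malformed setting leaves certificate verification on. The key names `ssl_verify` and `cainfo`, the struct and both function names are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical settings for a CURL_OPTIONS variable. The key names are
   assumptions; the thread itself fixes only "0 = no verification". */
struct curl_opts {
    int  ssl_verify;   /* 1 = verify (default), 0 = off; for CURLOPT_SSL_VERIFYPEER/HOST */
    char cainfo[256];  /* user-owned CA file for CURLOPT_CAINFO; "" = libcurl default */
};

/* Parse "key=value key=value" (values cannot contain spaces). Returns 0 on
   success; on any unknown key or bad value returns -1 and leaves *out at the
   safe defaults, so a typo can never silently disable verification. */
int parse_curl_options(const char *s, struct curl_opts *out)
{
    struct curl_opts tmp = { 1, "" };
    char buf[512], *p = buf;
    out->ssl_verify = 1; out->cainfo[0] = '\0';
    if (s == NULL) return 0;                 /* variable unset: defaults */
    if (strlen(s) >= sizeof buf) return -1;
    strcpy(buf, s);
    while (*(p += strspn(p, " ")) != '\0') {
        char *end = p + strcspn(p, " "), *next = *end ? end + 1 : end, *eq;
        *end = '\0';
        if ((eq = strchr(p, '=')) == NULL) return -1;
        *eq++ = '\0';
        if (strcmp(p, "ssl_verify") == 0 && (strcmp(eq, "0") == 0 || strcmp(eq, "1") == 0))
            tmp.ssl_verify = eq[0] - '0';
        else if (strcmp(p, "cainfo") == 0 && *eq && strlen(eq) < sizeof tmp.cainfo)
            strcpy(tmp.cainfo, eq);
        else
            return -1;
        p = next;
    }
    *out = tmp;
    return 0;
}

/* Read the environment once; later calls reuse the cached result. */
const struct curl_opts *cached_curl_options(void)
{
    static struct curl_opts opts;
    static int loaded = 0;
    if (!loaded) {
        (void)parse_curl_options(getenv("CURL_OPTIONS"), &opts);
        loaded = 1;
    }
    return &opts;
}
```

With a `cainfo` entry pointing at a file in the user's home directory, a self-signed or CACert-signed server can be trusted without root access and without setting `ssl_verify=0`.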